Hello community, here is the log from the commit of package leafnode for openSUSE:Factory checked in at 2019-11-07 23:18:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/leafnode (Old) and /work/SRC/openSUSE:Factory/.leafnode.new.2990 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "leafnode" Thu Nov 7 23:18:35 2019 rev:10 rq:746027 version:1.11.11 Changes: -------- --- /work/SRC/openSUSE:Factory/leafnode/leafnode.changes 2019-09-11 10:25:52.787461968 +0200 +++ /work/SRC/openSUSE:Factory/.leafnode.new.2990/leafnode.changes 2019-11-07 23:18:40.196674340 +0100 @@ -1,0 +2,7 @@ +Wed Nov 6 13:24:51 UTC 2019 - [email protected] + +- add patch fix_overflow.diff: fixes potential stack buffer overflow if + unexpected directories with high numbers as a prefix appear. This is only a + hardening. + +------------------------------------------------------------------- New: ---- fix_overflow.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ leafnode.spec ++++++ --- /var/tmp/diff_new_pack.4eMlui/_old 2019-11-07 23:18:40.816675005 +0100 +++ /var/tmp/diff_new_pack.4eMlui/_new 2019-11-07 23:18:40.820675009 +0100 @@ -34,6 +34,7 @@ Source7: leafnode.keyring Source8: leafnode.socket Patch0: leafnode-1.11.6-spooldir-permissions.diff +Patch1: fix_overflow.diff BuildRequires: cron BuildRequires: pcre-devel >= 2.06 BuildRequires: systemd-rpm-macros @@ -55,6 +56,7 @@ %prep %setup -q %patch0 +%patch1 -p1 %build %configure\ ++++++ fix_overflow.diff ++++++ Index: leafnode-1.11.11/miscutil.c =================================================================== --- leafnode-1.11.11.orig/miscutil.c +++ leafnode-1.11.11/miscutil.c @@ -84,7 +84,7 @@ createmsgiddir(void) { t = de->d_name; if (isdigit((unsigned char)*t)) { u = strtoul(t, &e, 10); - if (e > t) + if (e > t && u < 1000) havedir[u] = 1; } }
